[GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Peter Marlow Peter.Marlow at scisys.co.uk
Mon Jan 8 08:15:49 PST 2018


Thanks for the reply Alessio. Are you able to shed some light on a similar post I’ve created regarding the oauth2 config here http://osgeo-org.1560.x6.nabble.com/oauth2-Issue-managing-layer-access-td5348371.html ?

Thanks,
Pete

From: Alessio Fabiani [mailto:alessio.fabiani at geo-solutions.it]
Sent: 08 January 2018 12:11
To: Peter Marlow
Cc: Alessio Fabiani; geonode-devel at lists.osgeo.org
Subject: Re: [GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Very interesting,
thanks Peter. Yes your findings need to be tackled down on GeoNode core too.


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2018-01-02 18:07 GMT+01:00 Peter Marlow <Peter.Marlow at scisys.co.uk<mailto:Peter.Marlow at scisys.co.uk>>:
I think I’ve partially resolved this issue.

The problem was because I had configured my GeoNode instance as locked down, i.e.


LOCKDOWN_GEONODE = True
if LOCKDOWN_GEONODE:
    MIDDLEWARE_CLASSES = MIDDLEWARE_CLASSES + \
        ('geonode.security.middleware.LoginRequiredMiddleware',)



And the default list of AUTH_EXEMPT_URLS isn’t sufficient – I’ve had to add ‘/o/*’ to the list so it becomes:


AUTH_EXEMPT_URLS = ('/api/o/*', '/api/roles', '/api/adminRole', '/api/users', '/o/*')



So now the GeoNode login button within GeoServer works and the dropdowns are populated with ROLE_ADMIN for the geonode REST role service.

Is the above a bug? It feels like it to me.



The follow on issue I’ve not encountered is that I’ve configured a WMS layer to be accessible to a specific geonode user via the geonode GUI, I’ve also checked that the correct rule has been subsequently generated in geofence, however when I attempt to access the getCapabilities for the WMS (using QGIS) as the specific geonode user using basic authentication I get a security error. Is there something else I need to configure to get this to work? My expectation was that geoserver would validate the given username/password against geonode (using the REST service) and determine that the user is a valid geonode user and has access to the WMS layer in question?


From: Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit<mailto:alessio.fabiani at geo-solutions.it>]
Sent: 20 December 2017 17:16
To: Peter Marlow
Cc: Alessio Fabiani; geonode-devel at lists.osgeo.org<mailto:geonode-devel at lists.osgeo.org>
Subject: Re: [GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

It seems to me that is more a GeoNode issue than a GeoServer one.

404 error means that that endpoint cannot be found.

However you should use GeoServer + OAUth2 from at least GeoNode 2.6.3 and above. For the previous versions better to use this version of GeoServer (old A&A system)

http://build.geonode.org/geoserver/latest/geoserver-2.9.x.war




Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
55054  Massarosa<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g> (LU)
Italy
phone: +39 0584 962313<tel:0584%20962313>
fax:     +39 0584 1660272<tel:0584%20166%200272>
mob:   +39 331 6233686<tel:331%20623%203686>

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

On Wed, Dec 20, 2017 at 5:25 PM, Peter Marlow <Peter.Marlow at scisys.co.uk<mailto:Peter.Marlow at scisys.co.uk>> wrote:
I’ve tried with the 2.9 version of geoserver using the default data directory and tweaked the urls from localhost:8000 to just localhost for the oauth config but I get the same problem. Which leads me to believe it is an issue with GeoNode. I thought maybe I should remove my override of the SITEURL parameter in settings.py which set it to http://localhost/ so that it uses the default SITEURL parameter of http://localhost:8000/, however I’ve done this and restarted apache but doing a curl -X GET "http://localhost:8000/api/roles" still returns a 404 so I’m not sure why geonode has not fallen back to the default URL…

I’m currently out of ideas on what to try next…

Is there anywhere that states which versions of geonode/geoserver are compatible? Or known to work regarding the oauth setup that I’m trying to get working at the moment?

Thanks,
Pete

From: Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit<mailto:alessio.fabiani at geo-solutions.it>]
Sent: 20 December 2017 14:02

To: Peter Marlow
Cc: Alessio Fabiani; geonode-devel at lists.osgeo.org<mailto:geonode-devel at lists.osgeo.org>
Subject: Re: [GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Nope it is not correct, you should be redirected to the GeoNode login page instead of the GeoServer one and once the GeoNode login is successfull it will redirect you back to GeoServer automatically.


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
55054  Massarosa<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g> (LU)
Italy
phone: +39 0584 962313<tel:0584%20962313>
fax:     +39 0584 1660272<tel:0584%20166%200272>
mob:   +39 331 6233686<tel:331%20623%203686>

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

On Wed, Dec 20, 2017 at 2:42 PM, Peter Marlow <Peter.Marlow at scisys.co.uk<mailto:Peter.Marlow at scisys.co.uk>> wrote:
The geoserver WAR is being retrieved from here: http://build.geonode.org/geoserver/latest/geoserver-2.12.x.war

I’ve found the geonode button in geoserver – when I select it I get a page saying authorise geoserver, when I click ‘Authorize’ I’m just taken back to the geoserver login page with a ‘code’ parameter passed in the URI, is that correct? Or should that have taken me to geonode? I’ve viewed the dropdown lists after using this authorize button but they are still empty.

I’ll try using GeoServer 2.9 as you suggest, thanks for your help so far Alessio.

Thanks,
Pete

From: Alessio Fabiani [mailto:alessio.fabiani at geo-solutions.it<mailto:alessio.fabiani at geo-solutions.it>]
Sent: 20 December 2017 12:17
To: Peter Marlow
Cc: Alessio Fabiani; geonode-devel at lists.osgeo.org<mailto:geonode-devel at lists.osgeo.org>
Subject: Re: [GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Mmm, yes the configuration looks ok.

The button appears if you logout from GeoServer (at least it should appear).

Sorry, don't remember if I already asked, where did you get the geoserver WAR and it's default DATA DIR?

However I never tested GeoServer 2.12.x with GeoNode 2.6.3.

Maybe you can try to go back to GeoServer 2.9 from here

http://build.geonode.org/geoserver/latest/





Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
55054  Massarosa<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g> (LU)
Italy
phone: +39 0584 962313<tel:0584%20962313>
fax:     +39 0584 1660272<tel:0584%20166%200272>
mob:   +39 331 6233686<tel:331%20623%203686>

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

On Wed, Dec 20, 2017 at 1:02 PM, Peter Marlow <Peter.Marlow at scisys.co.uk<mailto:Peter.Marlow at scisys.co.uk>> wrote:
GeoServer is present at http://localhost:8080/geoserver but can also be accessed via http://localhost/geoserver

This my geonode config:
[cid:image001.png at 01D3889B.F17BB0C0]


This is my geoserver config:
[cid:image002.png at 01D3889B.F17BB0C0]

That all looks to be correct to me…?

I can’t see any button within GeoServer that logs me into GeoNode, whereabouts should I see this button?

Thanks,
Pete

From: Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit<mailto:alessio.fabiani at geo-solutions.it>]
Sent: 20 December 2017 11:37
To: Peter Marlow
Cc: Alessio Fabiani; geonode-devel at lists.osgeo.org<mailto:geonode-devel at lists.osgeo.org>
Subject: Re: [GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Where GeoServer is exposed?

http://localhost/geoserver/ ? Or something else?

Make sure you have all the redirect uris configured on GeoNode Admin

[Inline image 1]

And also on GeoServer geonode-oauth2 plugin make sure all the addresses point to the goenode base (in your case should be http://localhost instead of http://localhost:8000) except for the redirect uri which must be the GeoServer endpoint.


However if you can login by clicking the geonode button on GeoServer GUI, the configuration is good.




Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions SA.S.

Via di Montramito 3/A<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
55054  Massarosa<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g> (LU)
Italy
phone: +39 0584 962313<tel:0584%20962313>
fax:     +39 0584 1660272<tel:0584%20166%200272>
mob:   +39 331 6233686<tel:331%20623%203686>

http://www.geo-solutions.it
http://twitter.com/geosolutions_it<http://twittercom/geosolutions_it>

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

On Wed, Dec 20, 2017 at 12:15 PM, Peter Marlow <Peter.Marlow at scisys.co.uk<mailto:Peter.Marlow at scisys.co.uk>> wrote:
I’ve restarted Apache and Tomcat.

I’ve taken a tcpdump to see the connections going from geoserver to geonode

10:55:53.913021 IP localhost.55298 > localhost.http: Flags [P.], seq 206:432, ack 361, win 350, options [nop,nop,TS val 10620058 ecr 10620058], length 226: HTTP: GET /account/login/?next=/api/roles HTTP/1.1
10:55:53.951452 IP localhost.http > localhost.55298: Flags [.], ack 432, win 359, options [nop,nop,TS val 10620068 ecr 10620058], length 0
10:55:54.004726 IP localhost.http > localhost.55298: Flags [P.], seq 361:5375, ack 432, win 359, options [nop,nop,TS val 10620081 ecr 10620058], length 5014: HTTP: HTTP/1.1 200 OK
10:55:54.004807 IP localhost.55298 > localhost.http: Flags [.], ack 5375, win 1373, options [nop,nop,TS val 10620081 ecr 10620081], length 0
10:55:54.007690 IP localhost.55298 > localhost.http: Flags [P.], seq 432:637, ack 5375, win 1373, options [nop,nop,TS val 10620082 ecr 10620081], length 205: HTTP: GET /api/roles HTTP/1.1
10:55:54.007699 IP localhost.http > localhost.55298: Flags [.], ack 637, win 367, options [nop,nop,TS val 10620082 ecr 10620082], length 0
10:55:54.012633 IP localhost.http > localhost.55298: Flags [P.], seq 5375:5734, ack 637, win 367, options [nop,nop,TS val 10620083 ecr 10620082], length 359: HTTP: HTTP/1.1 302 FOUND
10:55:54.013317 IP localhost.55298 > localhost.http: Flags [P.], seq 637:863, ack 5734, win 1452, options [nop,nop,TS val 10620083 ecr 10620083], length 226: HTTP: GET /account/login/?next=/api/roles HTTP/1.1

It looks like it is calling out to geonode ok but is being redirected to the login page…? Suggests the authentication between geoserver and geonode is incorrect.

I’ve setup the Client ID and Client Secret within GeoNode and GeoServer as described in the tutorial though - http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/

Are there any other checks I can perform to determine whether geoserver is passing the correct security details to geonode?

Thanks,
Pete

From: Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit<mailto:alessio.fabiani at geo-solutions.it>]
Sent: 20 December 2017 10:37
To: Peter Marlow
Cc: Alessio Fabiani; geonode-devel at lists.osgeo.org<mailto:geonode-devel at lists.osgeo.org>
Subject: Re: [GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Nope the geonode address is not a problem, you can use whatever is accessible.

Did you also restarted GeoServer / Tomcat ?


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
55054  Massarosa<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g> (LU)
Italy
phone: +39 0584 962313<tel:0584%20962313>
fax:     +39 0584 1660272<tel:0584%20166%200272>
mob:   +39 331 6233686<tel:331%20623%203686>

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

On Wed, Dec 20, 2017 at 11:32 AM, Peter Marlow <Peter.Marlow at scisys.co.uk<mailto:Peter.Marlow at scisys.co.uk>> wrote:
Hi Alessio,

Thanks for the reply!

It looks like the /api endpoint on my geonode is accessible at http://localhost/ and not at http://localhost:8000/. Is this a problem?

I’ve configured the base URL of the Role Service to be just http://localhost/ but I still don’t see the ROLE_ADMIN user in the dropdowns.

GeoNode has a superuser configured with the username ‘admin’, it doesn’t have any groups though, do I need to create a group?

If I open up port 8000 in my apache2 config how would I go about changing the GeoNode api to be on port 8000? (is that actually necessary?)

Thanks,
Pete

From: Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit<mailto:alessio.fabiani at geo-solutions.it>]
Sent: 20 December 2017 09:18
To: Peter Marlow
Cc: geonode-devel at lists.osgeo.org<mailto:geonode-devel at lists.osgeo.org>
Subject: Re: [GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty

Hi,
the roles are taken from GeoNode.

You need to be sure that:

1. GeoServer can reach GeoNode
2. the base url of the role service is correctly pointing to GeoNode
3. GeoNode has either an admin user configured and groups

If still not working you can try to do some curl requests to GeoNode and see if it is correctly responding.

curl -X GET "http://localhost:8000/api/roles"




Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
55054  Massarosa<https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g> (LU)
Italy
phone: +39 0584 962313<tel:0584%20962313>
fax:     +39 0584 1660272<tel:0584%20166%200272>
mob:   +39 331 6233686<tel:331%20623%203686>

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

On Tue, Dec 19, 2017 at 6:14 PM, Peter Marlow <Peter.Marlow at scisys.co.uk<mailto:Peter.Marlow at scisys.co.uk>> wrote:
Hi all,

I’m configuring geonode/geoserver security using the tutorial here - http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/

The problem I have is that when I create the ‘geonode REST role service’ both the ‘Administrator role’ and ‘Group administrator role’ dropdowns are empty – the tutorial suggests they should contain the value ROLE_ADMIN.

Any ideas where this ROLE_ADMIN should be configured in order to make it available in the dropdowns?

GEOSERVER VERSION – 2.12-SNAPSHOT
GEONODE VERSION – 2.6.3

Thanks,
Pete



SCISYS UK Limited. Registered in England and Wales No. 4373530.
Registered Office: Methuen Park, Chippenham, Wiltshire SN14 0GB, UK.

Before printing, please think about the environment.

_______________________________________________
geonode-devel mailing list
geonode-devel at lists.osgeo.org<mailto:geonode-devel at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/geonode-devel







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20180108/eb1b8313/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 20690 bytes
Desc: image001.png
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20180108/eb1b8313/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 29479 bytes
Desc: image002.png
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20180108/eb1b8313/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 18449 bytes
Desc: image003.png
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20180108/eb1b8313/attachment-0005.png>


More information about the geonode-devel mailing list